A botnet is a collection of internet-connected
devices that an attacker has compromised. Botnets act as a force multiplier for individual
attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’
systems. Commonly used in distributed denial of service
(DDoS) attacks, botnets can also take advantage of their collective computing power to send
large volumes of spam, steal credentials at scale, or spy on people and organizations.
Malicious actors build botnets by infecting connected devices with malware and then managing
them through a command-and-control (C2) server. Once an attacker has compromised one device
on a network, every other vulnerable device on that network is at risk of being infected.

A botnet attack can be devastating. In 2016, the Mirai botnet shut down a large portion of the
internet, including Twitter, Netflix, CNN and other major sites, as well as major Russian banks
and the entire country of Liberia. Mirai took advantage of unsecured internet of things (IoT)
devices such as security cameras, installing malware that then flooded the servers of Dyn, the
DNS provider that resolves domain names for many of those sites.
Why we can’t stop botnets

The challenges to shutting botnets down include the widespread availability and ongoing
purchases of insecure devices, the near impossibility of simply locking infected machines out
of the internet, and the difficulty of tracking down and prosecuting the botnet creators.

When consumers go into a store to buy a security camera or other connected device, they look at
features, they look for recognizable brands, and, most importantly, they look at the price.
Security is rarely a top consideration.
How to prevent botnet attacks

The Council to Secure the Digital Economy, in cooperation with the Information Technology
Industry Council, USTelecom and other organizations, recently released a comprehensive guide to
defending enterprises against botnets. Here are the top 4 recommendations.

1. Update

Botnets use unpatched vulnerabilities to spread from machine to machine so that they can cause
maximum damage in an enterprise. The first line of defense should be to keep all systems
updated.

2. Lock down access

The guide recommends that enterprises deploy multi-factor and risk-based authentication,
least privilege, and other best practices for access control.

3. Don’t go it alone

The anti-bot guide recommends several areas in which enterprises can benefit by looking to
external partners for help. For example, there are many channels through which enterprises can
share threat information, such as industry groups and vendor-sponsored platforms.

4. Deepen your defenses

It’s no longer enough to secure the perimeter or endpoint devices. You need multiple defensive
layers. Isolating IoT devices on a separate network segment is one recommended approach.